Thread: Nameserver prob
07-14-2005, 01:55 PM   #5
cholmes2
Registered User
 
Join Date: Oct 2004
Posts: 60
OS: XP Pro


Hi
Done everything you said. Here are the log files, first the HijackThis log. I deleted the nameserver files you requested but left the ZeroSpyware stuff after reading your last post.

Logfile of HijackThis v1.99.1
Scan saved at 23:00:31, on 13/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alias\Alias ImageStudio 2.1\bin\renderqueue.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msole32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\BtUsrBdg.exe
C:\WINDOWS\System32\BTSetBootKey.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Owner\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ZSLEScheduler] RunDll32.exe "C:\Program Files\FBM Software\ZeroSpyware Limited Edition\ZSScheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware Limited Edition\
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121104012062
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE166989-A8A9-4DD6-A1B4-8E08E2AAEB3F}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B74981C0-A043-44ED-9222-A406510EF3BF}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D74D6144-A420-4CC0-97EC-9F10E668DB9D}: NameServer = 69.50.188.180 85.255.112.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Alias ImageStudio Render Queue (renderqueue) - Unknown owner - C:\Program Files\Alias\Alias ImageStudio 2.1\bin\renderqueue.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

I then ran the smitRem program; here's the logfile:


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ system32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ system32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

Not Infected!

Then the Ewido logfile. Note: one file the program wanted couldn't be deleted from the System Volume Information folder without deleting the whole archive (a Windows warning popped up), so I left it. I'll wait for your advice on this. I made a note of the exact file but it's very long.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 20:34:00, 14/07/2005
+ Report-Checksum: E9B59153

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{44A4F449-ADED-A513-8AE7-5A3DDF205F49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandHelper -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandHelper\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandHelper\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -> Spyware.ASSbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -> Spyware.ASSbar : Cleaned with backup
HKU\S-1-5-21-4269178923-4130427461-1301604636-1003\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-4269178923-4130427461-1301604636-1003\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-4269178923-4130427461-1301604636-1003\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-4269178923-4130427461-1301604636-1003\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
C:\compaq\lutil\WizHost.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\Program Files\FBM Software\ZeroSpyware Limited Edition\BackUp\WINXP\Owner\Win.ini:gwwyv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP52\A0053446.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP59\A0055752.exe -> TrojanDropper.Small.ue : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP59\A0055753.exe -> TrojanDropper.Small.ue : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP59\A0055823.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP59\A0055834.EXE:srrfeg -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP60\A0055837.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP61\A0055846.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP61\A0055856.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP61\A0055857.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP61\A0055868.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP61\A0055870.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP61\A0055874.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP61\A0055875.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056635.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056640.exe -> TrojanDownloader.Zlob.w : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056643.exe -> TrojanDropper.Small.acb : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056652.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056677.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056686.exe -> TrojanDownloader.Zlob.w : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056689.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP63\A0056698.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056708.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056713.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056714.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056738.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056746.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056747.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056748.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056781.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP64\A0056789.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056818.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056823.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056831.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056832.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056839.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056847.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056853.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056855.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056858.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056866.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP65\A0056867.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP66\A0056878.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP66\A0056880.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP66\A0056887.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP66\A0056934.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP66\A0056942.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP67\A0056946.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP67\A0056956.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP67\A0056958.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP67\A0057005.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP67\A0057013.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP67\A0057052.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP70\A0057097.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP70\A0057130.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0057730.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0057848.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0057857.exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0057857.exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0057858.exe -> TrojanDownloader.Small.aou : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0057859.dll -> TrojanDownloader.Agent.ns : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0058051.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0058058.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0058255.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0059255.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0060255.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0060262.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0060266.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0060267.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0060298.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP93\A0060306.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0060322.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0060358.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0060359.dll -> TrojanSpy.Agent.am : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0060742.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0060748.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0061740.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0061748.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0061791.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0061798.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0061810.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0061818.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP94\A0061819.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061855.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061863.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061867.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061875.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061879.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061887.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061900.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061908.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061925.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0061932.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0062100.exe -> Trojan.TopAntiSpyware : Cleaned with backup
C:\System Volume Information\_restore{6A1F147C-1AD2-4516-B4BD-5F418FB8D321}\RP95\A0062101.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\addmu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\deinstall.exe -> Trojan.Krepper.ak : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnFR1383.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\ipun32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jgtfr.txt:xjrndq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBC.INI:wbkmv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBCINST(2)(2).INI:ikanpd -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\ODBCINST(2).INI:ikanpd -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\ODBCINST(3).INI:ikanpd -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\ODBCINST(4).INI:ikanpd -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:fophdb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\orun32(2).ini:tltsjn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\orun32(3).ini:tltsjn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\orun32(4).ini:tltsjn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:oyxma -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:rjgtnd -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\smscfg(2).ini:zzaxx -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\smscfg(3).ini:zzaxx -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\system32\cckwk.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\d3wc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\fxeetdoo.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\gwzg.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\iexplore.exe -> Backdoor.PoeBot.b : Cleaned with backup
C:\WINDOWS\system32\jnkj.exe -> TrojanDropper.Agent.mm : Cleaned with backup
C:\WINDOWS\system32\kbsdk.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\mfcmf.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\msfr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\nzrif.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\ogdqk.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\oiabjst.exe -> TrojanProxy.Ranky : Cleaned with backup
C:\WINDOWS\system32\paydial.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\paytime.exe -> TrojanDownloader.Harnig.aj : Cleaned with backup
C:\WINDOWS\system32\qzbdpmx.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\rtvk.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\tvkel.exe -> TrojanDropper.Agent.mm : Cleaned with backup
C:\WINDOWS\system32\vlpvne.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\xftq.exe -> TrojanDropper.Agent.lt : Cleaned with backup
C:\WINDOWS\system32\ypuaqso.exe -> Backdoor.Agent.jo : Cleaned with backup
C:\WINDOWS\system32\zoamk.exe -> TrojanDropper.Agent.mm : Cleaned with backup
C:\WINDOWS\tool.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\WINDOWS\tool1.exe -> Trojan.LowZones.y : Cleaned with backup
C:\WINDOWS\vbaddin(2).ini:nkyrr -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\vbaddin(2).ini:xnhmr -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\win.ini:gwwyv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default(2)(2).pif:addgam -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default(2)(2).pif:bthhd -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_default(2)(2).pif:kwxgt -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default(2)(2).pif:nhatau -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_default(2)(2).pif:paijmh -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default(2)(2).pif:tdhbne -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default(2)(2).pif:ugqnyk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default(2).pif:addgam -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default(2).pif:bthhd -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_default(2).pif:kwxgt -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default(2).pif:nhatau -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_default(2).pif:paijmh -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default(2).pif:tdhbne -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default(2).pif:ugqnyk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_MSRSTRT.EXE:euqdcj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_MSRSTRT.EXE:srrfeg -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_MSRSTRT.EXE:wvjjxt -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End

Also, Ad Aware found nothing when I did the scan, which is maybe a good thing after reading the problems people have had with running ZeroSpyware and Ad Aware together. Any suggestions for what I do about that, and is everything fine now looking at the logs? (A lot to look at, I know!)

Many thanks